Rule: ACM Certificates Expiry Within 30 Days
This rule ensures ACM certificates are set to expire within a 30-day period to maintain secure access control.
| Rule | ACM certificates should be set to expire within 30 days |
| Framework | NIST 800-53 Revision 4 |
| Severity | ✔ Medium |
Rule Description:
According to the NIST 800-53 Revision 4 compliance standards, the expiration period for ACM (AWS Certificate Manager) certificates should be set to 30 days. This rule ensures that the certificates are regularly renewed and mitigates the risk of using expired certificates, which can undermine security.
Troubleshooting Steps:
No troubleshooting steps required for this rule as it involves setting a specific configuration.
Necessary Codes:
There are no necessary codes for this rule as it involves configuring the certificate expiration period in ACM.
Step-by-Step Guide for Remediation:
To comply with the rule of setting ACM certificates to expire within 30 days for NIST 800-53 Revision 4, follow the step-by-step guide below:
- 1.
Identify the ACM certificate: Determine which ACM certificate needs to be updated for compliance.
- 2.
Access the AWS Management Console: Login to the AWS Management Console using your credentials.
- 3.
Go to the ACM service: From the AWS Management Console dashboard, search for "ACM" or find it under the "Security, Identity, & Compliance" category.
- 4.
Select the appropriate region: If your certificate is in a specific region, ensure that you are in the correct AWS region by selecting it from the dropdown menu in the top right corner of the console.
- 5.
Locate the certificate: In the ACM console, locate the certificate that needs to be updated. You can search for it by its domain name or filter the certificates by various attributes.
- 6.
Click on the certificate: Click on the desired certificate in the list to access its details and configuration.
- 7.
Check the expiration date: Verify the current expiration date of the certificate to determine if it exceeds the 30-day threshold.
- 8.
Modify the certificate expiration: If the certificate's expiration date is longer than 30 days, proceed with modifying it.
- 9.
Click on "Actions": In the top-right corner of the certificate details page, click on the "Actions" dropdown menu.
- 10.
Select "Renew certificate": From the list of actions, select "Renew certificate."
- 11.
Review the changes: A new window will appear, displaying the changes that will be made when renewing the certificate. Review the information to ensure it aligns with the desired configuration.
- 12.
Click on "Renew": If the changes are accurate, click on the "Renew" button to renew the certificate immediately.
- 13.
Verify the new expiration date: After renewing the certificate, navigate back to the certificate details page and confirm that the expiration date is now set within 30 days.
- 14.
Repeat for other certificates: If you have multiple ACM certificates that require the same configuration, repeat steps 5-13 for each certificate.
By following this step-by-step guide, you can ensure that your ACM certificates comply with the NIST 800-53 Revision 4 requirements by expiring within the specified 30-day period.